[VOIPSEC] Soft Phone Vulnerabilities
Bipin_Mistry at 3com.com
Bipin_Mistry at 3com.com
Fri Jun 23 08:54:36 CDT 2006
Hi,
So I agree - once you are in via IPSec then you could access the backend
cellular systems. The key (excuse the pun) would be establish a SA first.
That piece isn't as easy as it sounds.
Bipin
"Dustin D. Trammell" <dtrammell at tippingpoint.com>
Sent by: Voipsec-bounces at voipsa.org
06/22/2006 06:07 PM
To
Voipsec at voipsa.org
cc
Subject
Re: [VOIPSEC] Soft Phone Vulnerabilities
On Tue, 2006-06-13 at 16:17 -0400, Randell Jesup wrote:
> Cellphones and in particular the cell network are harder to physically
hack
> (regardless of the security levels of the protocols themselves) than
> computer networks (which are often easy to attack sitting in your
bathrobe
> 1/2-way around the world). Yes, I may be glossing over a few issues, but
> you get my point.
It's important to note that this is about to no-longer be the case. As
cellular carriers begin to deploy UMA and IMS systems, anyone with an
authorized SIM card (not hard to buy or steal), USB SIM reader ($30 from
various online merchants, I recommend the ACS brand readers), and some
hacked up software (a week or so worth of work) will be able to emulate
a cellular/wifi dual-mode user agent and will be able to attach to the
wifi access point and subsequently establish an IPSec SA with one of the
provider's SGWs. At that point it's trivial to access the back-end
cellular network, because they have a legitimately authenticated tunnel
directly to it (sans any strict per-connection firewalling at the SGW).
All while sitting in their bathrobe 1/2-way around the world.
--
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list